There are two factors that can make this type of threat worse. First, many wireless client packages are configured to automatically associate with an SSID that they've used in the past, based merely on the name of the access point. Future connections often happen automatically, regardless of the hardware address or any other characteristic. Thus, a user may not know that his or her software has associated with an access point, let alone an impersonated one. Secondly, there are tools that can automate WiPhishing attacks, namely Hotspotter and Karma. These tools respond to any SSID requests that a wireless client detects. They can then pretend to be that access point, offering services like Web, email and file sharing to the victim's machine. This scheme dupes a user into revealing passwords and other sensitive information.
To foil these attacks, I recommend deploying encrypted VPN access for wireless traffic. Also, instruct users to trust wireless if and only if they've made a VPN connection across it; otherwise, attackers can monitor their traffic.
Dig Deeper on Endpoint protection and client security
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ... Continue Reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ... Continue Reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.